node - 米舟开源

nodejs/node

Watch

Star

Fork

简介统计版本

9 days ago

node

nodejs

2026-03-24, Version 20.20.2 'Iron' (LTS), @marco-ippolito

This is a security release.

Notable Changes

(CVE-2026-21717) fix array index hash collision (Joyee Cheung) https://github.com/nodejs-private/node-private/pull/834
(CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) https://github.com/nodejs-private/node-private/pull/822
(CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) https://github.com/nodejs-private/node-private/pull/821
(CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) https://github.com/nodejs-private/node-private/pull/795
(CVE-2026-21715) add permission check to realpath.native (RafaelGSS) https://github.com/nodejs-private/node-private/pull/794
(CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) https://github.com/nodejs-private/node-private/pull/832
(CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) https://github.com/nodejs-private/node-private/pull/819

Commits

[cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831
[f333d0be5f] - deps: V8: override depot_tools version (Richard Lau) #62344
[2acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #62285
[af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#834
[00ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
[0123309566] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#840
[00830712bc] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#838
[a0c73425da] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
[cc3f294507] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#839

9 days ago

node

nodejs

2026-03-24, Version 25.8.2 (Current), @RafaelGSS

This is a security release.

Notable Changes

(CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
(CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
(CVE-2026-21711) include permission check to pipe_wrap.cc (RafaelGSS) - Medium
(CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium
(CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium
(CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
(CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
(CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
(CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low

Commits

[2086b7477b] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#834
[0f9332a40a] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) nodejs-private/node-private#822
[2b6937ddb2] - deps: update undici to 7.24.4 (Node.js GitHub Bot) #62271
[bfb8ad5787] - deps: update undici to 7.24.3 (Node.js GitHub Bot) #62233
[be6384727f] - deps: upgrade npm to 11.11.1 (npm team) #62216
[2feea5bb97] - deps: V8: override depot_tools version (Richard Lau) #62344
[86c04784dd] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
[5197a56a34] - (CVE-2026-21711) permission: include permission check to pipe_wrap.cc (RafaelGSS) nodejs-private/node-private#820
[04a886c735] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
[9a7f80f2b0] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
[d9c9b628cf] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
[45b55dc786] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
[4bfda307c0] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

9 days ago

node

nodejs

2026-03-24, Version 24.14.1 'Krypton' (LTS), @RafaelGSS prepared by @juanarbol

This is a security release.

Notable Changes

(CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
(CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
(CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
(CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium
(CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
(CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium
(CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
(CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low

Commits

[6fae244080] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#828
[cc0910c62e] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) nodejs-private/node-private#822
[80cb042cf3] - deps: update undici to 7.24.4 (Node.js GitHub Bot) #62271
[f5b8667dc2] - deps: update undici to 7.24.3 (Node.js GitHub Bot) #62233
[08852637d9] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #62035
[61097db9fb] - deps: upgrade npm to 11.11.0 (npm team) #61994
[9ac0f9f81e] - deps: upgrade npm to 11.10.1 (npm team) #61892
[3dab3c4698] - deps: V8: override depot_tools version (Richard Lau) #62344
[87521e99d1] - deps: V8: backport 1361b2a49d02 (Joyee Cheung) nodejs-private/node-private#828
[045013366f] - deps: V8: backport 185f0fe09b72 (Joyee Cheung) nodejs-private/node-private#828
[af22629ea8] - deps: V8: backport 0a8b1cdcc8b2 (snek) nodejs-private/node-private#828
[380ea72eef] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
[d6b6051e08] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
[bfdecef9da] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
[c015edf313] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
[cba66c48a5] - (CVE-2026-21712) src: handle url crash on different url formats (RafaelGSS) nodejs-private/node-private#816
[df8fbfb93d] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

9 days ago

node

nodejs

2026-03-24, Version 22.22.2 'Jod' (LTS), @RafaelGSS prepared by @aduh95

This is a security release.

Notable Changes

(CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
(CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
(CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium
(CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
(CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
(CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
(CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low

Commits

[6f14ee5101] - (CVE-2026-21717) build,test: test array index hash collision (Joyee Cheung) nodejs-private/node-private#809
[52a52ef619] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#822
[30a3ab11e2] - (CVE-2026-21717) deps: V8: cherry-pick aac14dd95e5b (Joyee Cheung) nodejs-private/node-private#809
[e3f4d6a42e] - (CVE-2026-21717) deps: V8: backport 1361b2a49d02 (Joyee Cheung) nodejs-private/node-private#809
[7dc00fa5f4] - (CVE-2026-21717) deps: V8: backport 185f0fe09b72 (Joyee Cheung) nodejs-private/node-private#809
[076acd052d] - (CVE-2026-21717) deps: V8: backport 0a8b1cdcc8b2 (snek) nodejs-private/node-private#809
[963c60a951] - deps: V8: override depot_tools version (Richard Lau) #62344
[a688117d5d] - deps: upgrade npm to 10.9.7 (npm team) #62330
[859c8c761b] - deps: update undici to v6.24.1 (Matteo Collina) #62285
[d5ed384a2f] - deps: upgrade npm to 10.9.6 (npm team) #62215
[a2fe9fd81a] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821
[73deff77c1] - lib: backport _tls_common and _tls_wrap refactors (Dario Piotrowicz) #57643
[06fc3436f6] - (CVE-2026-21716) permission: include permission check on lib/fs/promises (RafaelGSS) nodejs-private/node-private#795
[db48d9c675] - (CVE-2026-21715) permission: add permission check to realpath.native (RafaelGSS) nodejs-private/node-private#794
[2a6105a63b] - (CVE-2026-21714) src: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) nodejs-private/node-private#832
[91b970886f] - (CVE-2026-21637) tls: wrap SNICallback invocation in try/catch (Matteo Collina) nodejs-private/node-private#819

22 days ago

node

nodejs

2026-03-11, Version 25.8.1 (Current), @aduh95

Notable Changes

[ea87eea71a] - module: fix extensionless CJS files in "type": "module" packages (Matteo Collina) #62083

Commits

[bab750d1b3] - build: do not depend on V8 deps on --without-bundled-v8 builds (Antoine du Hamel) #62033
[b26d1c7fcb] - crypto: make --use-system-ca per-env rather than per-process (Aditi) #60678
[e362635abf] - crypto: add missing AES dictionaries (Filip Skokan) #62099
[6f975db8af] - crypto: fix importKey required argument count check (Filip Skokan) #62099
[3beaf9c5fc] - deps: update amaro to 1.1.8 (Node.js GitHub Bot) #62151
[53afb0edd8] - deps: update sqlite to 3.52.0 (Node.js GitHub Bot) #62150
[a13ed052a1] - deps: update merve to 1.2.0 (Node.js GitHub Bot) #62149
[2c850577b7] - deps: patch resb crate (Richard Lau) #62138
[37862a6728] - deps: V8: cherry-pick aa0b288f87cc (Richard Lau) #62136
[09191ad8b4] - deps: update ada to 3.4.3 (Node.js GitHub Bot) #62049
[8d63a178fd] - doc: copyedit addons.md (Antoine du Hamel) #62071
[83719ffb64] - doc: correct util.convertProcessSignalToExitCode validation behavior (René) #62134
[eeee7c7fb1] - doc: add efekrskl as triager (Efe) #61876
[db150b2e69] - doc: fix markdown for expectFailure values (Jacob Smith) #62100
[d55a441e60] - doc: add title to index (Aviv Keller) #62046
[cc46204b48] - doc: include url.resolve() in DEP0169 application deprecation (Mike McCready) #62002
[1d91a7261e] - doc,module: add missing doc for syncHooks.deregister() (Joyee Cheung) #61959
[5198573bee] - http: fix use-after-free when freeParser is called during llhttp_execute (Gerhard Stöbich) #62095
[f8793f80df] - lib: fix source map url parse in dynamic imports (Chengzhong Wu) #61990
[5439d0e0cf] - meta: bump actions/download-artifact from 7.0.0 to 8.0.0 (dependabot[bot]) #62063
[27fd21943a] - meta: bump actions/upload-artifact from 6.0.0 to 7.0.0 (dependabot[bot]) #62062
[5b266f3295] - meta: bump step-security/harden-runner from 2.14.2 to 2.15.0 (dependabot[bot]) #62064
[ea87eea71a] - module: fix extensionless CJS files in "type": "module" packages (Matteo Collina) #62083
[851228cd60] - sqlite: handle stmt invalidation (Guilherme Araújo) #61877
[19efe60548] - src: expose async context frame debugging helper to JS (Anna Henningsen) #62103
[0257e8072f] - src: make AsyncWrap subclass internal field counts explicit (Anna Henningsen) #62103
[975dafbe3b] - src: release context frame in AsyncWrap::EmitDestroy (Gerhard Stöbich) #61995
[f2c08c7888] - src: use validate_ascii_with_errors instead of validate_ascii (Сковорода Никита Андреевич) #61122
[0278461d83] - stream: optimize webstreams pipeTo (Mattias Buelens) #62079
[4d62e95bfa] - stream: fix brotli error handling in web compression streams (Filip Skokan) #62107
[4bdcaf2865] - stream: improve Web Compression spec compliance (Filip Skokan) #62107
[a5b1be2045] - stream: fix UTF-8 character corruption in fast-utf8-stream (Matteo Collina) #61745
[5632446c4e] - stream: fix TransformStream race on cancel with pending write (Marco) #62040
[f90fa9cd1a] - stream: accept ArrayBuffer in CompressionStream and DecompressionStream (조수민) #61913
[00319eaa3a] - test: update WPT for url to c928b19ab0 (Node.js GitHub Bot) #62148
[456abc7d20] - test: update WPT for WebCryptoAPI to c9e955840a (Node.js GitHub Bot) #62147
[82770cb7d3] - test: improve WPT report runner (Filip Skokan) #62107
[cfc847d233] - test: update WPT compression to ae05f5cb53 (Filip Skokan) #62107
[80f78f2737] - test: update WPT for WebCryptoAPI to 42e47329fd (Node.js GitHub Bot) #62048
[8048e0508c] - test: fix skipping behavior for test-runner-run-files-undefined (Antoine du Hamel) #62026
[699a6214c6] - tools: revert timezone update GHA workflow to ubuntu-latest (Richard Lau) #62140
[1a453b550c] - tools: improve error handling in test426 update script (Rich Trott) #62121
[710dde5ee2] - tools: fix --node-builtin-modules-path value in shell.nix (Antoine du Hamel) #62102
[dcb1cbb21f] - tools: bump the eslint group across 1 directory with 2 updates (dependabot[bot]) #62092
[7d0b758583] - tools: fix daily wpt workflow nighly release version lookup (Filip Skokan) #62076
[3e8c816f2e] - tools: fix example in release proposal linter (Richard Lau) #62074
[772d3d270d] - tools: bump minimatch from 3.1.3 to 3.1.5 in /tools/clang-format (dependabot[bot]) #62013
[92f3b42672] - tools: bump eslint to v10, babel to v8.0.0-rc.2 (Huáng Jùnliàng) #61905
[deead95ec5] - url: suppress warnings from url.format/url.resolve inside node_modules (René) #62005

28 days ago

node

nodejs

2026-03-05, Version 22.22.1 'Jod' (LTS)

Notable Changes

[7b93a65f27] - build: test on Python 3.14 (Christian Clauss) #59983
[6063d888fe] - cli: mark --heapsnapshot-near-heap-limit as stable (Joyee Cheung) #60956
[d950b151a2] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #61419
[4f42f8c428] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741
[b6ebf2cd53] - doc: add avivkeller to collaborators (Aviv Keller) #61115
[35854f424d] - doc: add gurgunday to collaborators (Gürgün Dayıoğlu) #61094
[5c6a076e5d] - meta: add Renegade334 to collaborators (Renegade334) #60714

Commits

[5f773488c2] - assert: use a set instead of an array for faster lookup (Ruben Bridgewater) #61076
[feecbb0eab] - assert,util: fix deep comparison for sets and maps with mixed types (Ruben Bridgewater) #61388
[096095b127] - benchmark: add SQLite benchmarks (Guilherme Araújo) #61401
[b5fe481415] - benchmark: use boolean options in benchmark tests (SeokhunEom) #60129
[fa9faacacb] - benchmark: allow boolean option values (SeokhunEom) #60129
[ba8714ac21] - benchmark: fix incorrect base64 input in byteLength benchmark (semimikoh) #60841
[53596de876] - benchmark: use typescript for import cjs benchmark (Joyee Cheung) #60663
[e8930e9d7c] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #60603
[1155e412b1] - benchmark: add per-suite setup option (Joyee Cheung) #60574
[e01903d304] - benchmark: improve cpu.sh for safety and usability (Nam Yooseong) #60162
[623a405747] - benchmark: add benchmark for leaf source text modules (Joyee Cheung) #60205
[7f5e7b9f7f] - benchmark: add microbench on isInsideNodeModules (Chengzhong Wu) #60991
[db132b85a8] - bootstrap: initialize http proxy after user module loader setup (Joyee Cheung) #58938
[66aab9f987] - buffer: let Buffer.of use heap (Сковорода Никита Андреевич) #60503
[c3cf00c671] - buffer: speed up concat via TypedArray#set (Gürgün Dayıoğlu) #60399
[f6fad231e9] - build: skip sscache action on non-main branches (Joyee Cheung) #61790
[2145f91f6b] - build: update android-patches/trap-handler.h.patch (Mo Luo) #60369
[5b49759dd8] - build: update devcontainer.json to use paired nix env (Joyee Cheung) #61414
[24724cde40] - build: fix misplaced comma in ldflags (hqzing) #61294
[c57a19934e] - build: fix crate vendor file checksums on windows (Chengzhong Wu) #61329
[8659d7cd07] - build: fix inconsistent quoting in Makefile (Antoine du Hamel) #60511
[44f339b315] - build: remove temporal updater (Chengzhong Wu) #61151
[d60a6cebd5] - build: update test-wpt-report to use NODE instead of OUT_NODE (Filip Skokan) #61024
[34ccf187f5] - build: skip build-ci on actions with a separate test step (Chengzhong Wu) #61073
[7b19e101a2] - build: run embedtest with node_g when BUILDTYPE=Debug (Chengzhong Wu) #60850
[9408c4459f] - build: upgrade Python linter ruff, add rules ASYNC,PERF (Christian Clauss) #59984
[2166ec7f0f] - build: use call command when calling python configure (Jacob Nichols) #60098
[73ef70145d] - build: remove V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE defs (Joyee Cheung) #60296
[7b93a65f27] - build: test on Python 3.14 (Christian Clauss) #59983
[508ce6ec6c] - build, src: fix include paths for vtune files (Rahul) #59999
[c89d3cd570] - build,tools: fix addon build deadlock on errors (Vladimir Morozov) #61321
[40904a0591] - build,win: update WinGet configurations to Python 3.14 (Mike McCready) #61431
[6d6742e7db] - child_process: treat ipc length header as unsigned uint32 (Ryuhei Shima) #61344
[6063d888fe] - cli: mark --heapsnapshot-near-heap-limit as stable (Joyee Cheung) #60956
[3d324a0f88] - cluster: fix port reuse between cluster (Ryuhei Shima) #60141
[40a58709b4] - console: optimize single-string logging (Gürgün Dayıoğlu) #60422
[d950b151a2] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #61419
[4f42f8c428] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741
[a87499ae25] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #60662
[8c65cc11e2] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956
[91dc00a2c1] - debugger: fix event listener leak in the run command (Joyee Cheung) #60464
[0781bd3764] - deps: V8: backport 6a0a25abaed3 (Vivian Wang) #61688
[0cf1f9c3e9] - deps: update googletest to 85087857ad10bd407cd6ed2f52f7ea9752db621f (Node.js GitHub Bot) #61417
[521b4b1f07] - deps: update sqlite to 3.51.2 (Node.js GitHub Bot) #61339
[58b9d219a3] - deps: update icu to 78.2 (Node.js GitHub Bot) #60523
[cbc1e4306d] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #61135
[db59c35ed8] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #61271
[c18518ee3c] - deps: update nbytes to 0.1.2 (Node.js GitHub Bot) #61270
[376df62d63] - deps: update timezone to 2025c (Node.js GitHub Bot) #61138
[993e905302] - deps: update simdjson to 4.2.4 (Node.js GitHub Bot) #61056
[b72fd2a5d3] - deps: update googletest to 065127f1e4b46c5f14fc73cf8d323c221f9dc68e (Node.js GitHub Bot) #61055
[d765147405] - deps: update sqlite to 3.51.1 (Node.js GitHub Bot) #60899
[37abe2a7d2] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #60898
[97241fcb86] - deps: update sqlite to 3.51.0 (Node.js GitHub Bot) #60614
[3669c7b4f4] - deps: update simdjson to 4.2.2 (Node.js GitHub Bot) #60740
[9a056ec89c] - deps: update googletest to 1b96fa13f549387b7549cc89e1a785cf143a1a50 (Node.js GitHub Bot) #60739
[b5803b3ea0] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #60543
[5bf99f3d46] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #60646
[801f187357] - deps: update simdjson to 4.2.1 (Node.js GitHub Bot) #60644
[03c16e5a4c] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #60542
[2ebfc2ca56] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #60541
[d24ba4fed6] - deps: update simdjson to 4.0.7 (Node.js GitHub Bot) #59883
[9480a139bf] - deps: update googletest to 279f847 (Node.js GitHub Bot) #60219
[635e67379e] - deps: update archs files for openssl-3.5.5 (Node.js GitHub Bot) #61547
[c7b774047d] - deps: upgrade openssl sources to openssl-3.5.5 (Node.js GitHub Bot) #61547
[5b324d7d7f] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #61510
[eef8ba0667] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #60842
[490f7c7fb1] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #60643
[66903ea3b3] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #60550
[a2f0b69282] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314
[c8044a48a6] - deps: V8: backport 2e4c5cf9b112 (Michaël Zasso) #60654
[642f518198] - doc: supported toolchain with Visual Studio 2022 only (Mike McCready) #61451
[625f674487] - doc: move Security-Team from TSC to SECURITY (Rafael Gonzaga) #61495
[029e32f8ba] - doc: added requestOCSP option to tls.connect (ikeyan) #61064
[68e33dfa89] - doc: restore @ChALkeR to collaborators (Сковорода Никита Андреевич) #61553
[e016770d62] - doc: update IBM/Red Hat volunteers with dedicated project time (Beth Griggs) #61588
[ec63954657] - doc: mention constructor comparison in assert.deepStrictEqual (Hamza Kargin) #60253
[c8e1563a98] - doc: add CVE delay mention (Rafael Gonzaga) #61465
[4b00cf2b54] - doc: include OpenJSF handle for security stewards (Rafael Gonzaga) #61454
[4b73bf5bc8] - doc: clarify process.argv[1] behavior for -e/--eval (Jeevankumar S) #61366
[d3151df4b3] - doc: remove Windows Dev Home instructions from BUILDING (Mike McCready) #61434
[2323462e35] - doc: clarify TypedArray properties on Buffer (Roman Reiss) #61355
[6c5478c8b2] - doc: note resume build should not be done on node-test-commit (Stewart X Addison) #61373
[ba4a043103] - doc: refine WebAssembly error documentation (sangwook) #61382
[cd315ea589] - doc: add deprecation history for url.parse (Eng Zer Jun) #61389
[42db0c392d] - doc: add marco and rafael in last sec release (Marco Ippolito) #61383
[4c3b680fc7] - doc: packages: example of private import switch to internal (coderaiser) #61343
[684d15e421] - doc: add esm and cjs examples to node:v8 (Alfredo González) #61328
[c3f9c7a7d9] - doc: added 'secure' event to tls.TLSSocket (ikeyan) #61066
[aa9acad5ca] - doc: restore @watilde to collaborators (Daijiro Wachi) #61350
[9cafec084e] - doc: run license-builder (github-actions[bot]) #61348
[cdb12ccbc6] - doc: document ALPNCallback option for TLSSocket constructor (ikeyan) #61331
[461c5e65c5] - doc: update MDN links (Livia Medeiros) #61062
[dde45baeab] - doc: add documentation for process.traceProcessWarnings (Alireza Ebrahimkhani) #53641
[59a7aeec92] - doc: fix filename typo (Hardanish Singh) #61297
[9a0a40d1ed] - doc: fix typos and grammar in BUILDING.md & onboarding.md (Hardanish Singh) #61267
[dca7005f9d] - doc: mention --newVersion release script (Rafael Gonzaga) #61255
[c0dc8ddf85] - doc: correct typo in api contributing doc (Mike McCready) #61260
[066af38fe1] - doc: add PR-URL requirement for security backports (Rafael Gonzaga) #61256
[71dd46bd0c] - doc: add reusePort error behavior to net module (mag123c) #61250
[f6abe3ba33] - doc: note corepack package removal in distribution doc (Mike McCready) #61207
[9059d49d8c] - doc: fix tls.connect() timeout documentation (Azad Gupta) #61079
[e7b34b76b0] - doc: missing passed, error and passed properties on TestContext (Xavier Stouder) #61185
[9ae2dcfbb6] - doc: clarify threat model for application-level API exposure (Rafael Gonzaga) #61184
[9902331a7c] - doc: correct options for net.Socket class and socket.connect (Xavier Stouder) #61179
[a80122d2fe] - doc: document error event on readline InterfaceConstructor (Xavier Stouder) #61170
[38d73c9cfa] - doc: add a smooth scrolling effect to the sidebar (btea) #59007
[95c51fa984] - doc: correct invalid collaborator profile (JJ) #61091
[f5a044763c] - doc: exclude compile-time flag features from security policy (Matteo Collina) #61109
[b6ebf2cd53] - doc: add @avivkeller to collaborators (Aviv Keller) #61115
[35854f424d] - doc: add gurgunday to collaborators (Gürgün Dayıoğlu) #61094
[4932322c29] - doc: add File modes cross-references in fs methods (Mohit Raj Saxena) #60286
[c84904e047] - doc: add missing zstd to mjs example of zlib (Deokjin Kim) #60915
[e615b9e2f2] - doc: clarify fileURLToPath security considerations (Rafael Gonzaga) #60887
[99e384e6d4] - doc: replace column with columnNumber in example of util.getCallSites (Deokjin Kim) #60881
[9351bb4d02] - doc: correct spelling in BUILDING.md (Rich Trott) #60875
[e1f6e7fc4d] - doc: update debuglog examples to use 'foo-bar' instead of 'foo' (xiaoyao) #60867
[ccbb2d7300] - doc: fix typos in changelogs (Rich Trott) #60855
[1cb2fe8b35] - doc: mark module.register as active development (Chengzhong Wu) #60849
[ceeb4968a6] - doc: add fullName property to SuiteContext (PaulyBearCoding) #60762
[56155909dd] - doc: keep sidebar module visible when navigating docs (Botato) #60410
[6b637763d5] - doc: correct concurrency wording in test() documentation (Azad Gupta) #60773
[7183e8ffa1] - doc: clarify that CQ only picks up PRs targeting main (René) #60731
[d5d94303be] - doc: clarify license section and add contributor note (KaleruMadhu) #60590
[e0210c8f53] - doc: correct tls ALPNProtocols types (René) #60143
[eff87b498a] - doc: remove mention of SMS 2FA (Antoine du Hamel) #60707
[e77ef94a51] - doc: domain.add() does not accept timer objects (René) #60675
[4fe19c95ea] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #60650
[eece59b6ce] - doc: fix linter issues (Antoine du Hamel) #60636
[6e17e596e4] - doc: correct values/references for buffer.kMaxLength (René) #60305
[ac327ae9a7] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #60017
[d9b149ea42] - doc: highlight module loading difference between import and require (Ajay A) #59815
[f6d62cb22c] - doc: fix typo in process.unref documentation (우혁) #59698
[6d5078b196] - doc: add some entries to glossary.md (Mohataseem Khan) #59277
[b0a5820dea] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #58205
[b5db02fe67] - doc: fix pseudo code in modules.md (chirsz) #57677
[e9b912d481] - doc: add missing variable in code snippet (Koushil Mankali) #55478
[44c06c7812] - doc: add missing word in single-executable-applications.md (Konstantin Tsabolov) #53864
[482b43f160] - doc: fix typo in http.md (Michael Solomon) #59354
[cd323bc718] - doc: update devcontainer.json and add documentation (Joyee Cheung) #60472
[c7c70f3a16] - doc: add haramj as triager (Haram Jeong) #60348
[04b8c4d14e] - doc: clarify require(esm) description (dynst) #60520
[de382dc832] - doc: instantiate resolver object (Donghoon Nam) #60476
[b6845ce460] - doc: clarify --use-system-ca support status (Joyee Cheung) #60340
[0894dae9bc] - doc: add missing CAA type to dns.resolveAny() & dnsPromises.resolveAny() (Jimmy Leung) #58899
[c86a69f692] - doc: use any for worker_threads.Worker 'error' event argument err (Jonas Geiler) #60300
[0c5031e233] - doc: update decorator documentation to reflect actual policy (Muhammad Salman Aziz) #60288
[b01f710175] - doc: document wildcard supported by tools/test.py (Joyee Cheung) #60265
[b4524dabcc] - doc: fix blob.bytes() heading level (XTY) #60252
[5df02776e3] - doc: fix not working code example in vm docs (Artur Gawlik) #60224
[6a4359a0b5] - doc: improve code snippet alternative of url.parse() using WHATWG URL (Steven) #60209
[ad06bee70d] - doc: use markdown when branch-diff major release (Rafael Gonzaga) #60179
[c0d4b11ed4] - doc: update teams in collaborator-guide.md and add links (Bart Louwers) #60065
[20b5ffcac3] - doc: update previous version links in BUILDING (Mike McCready) #61457
[de345ea3a3] - doc: correct description of error.stack accessor behavior (René) #61090
[d8418d9de7] - doc: fix link in --env-file=file section (N. Bighetti) #60563
[1107bda21e] - doc: fix v22 changelog after security release (Marco Ippolito) #61371
[42aab9469a] - doc: add missing history entry for sqlite.md (Antoine du Hamel) #60607
[deb6d5deff] - doc, module: change async customization hooks to experimental (Gerhard Stöbich) #60302
[c659add7d1] - doc,src,lib: clarify experimental status of Web Storage support (Antoine du Hamel) #60708
[dda95e91b9] - esm: avoid throw when module specifier is not url (Craig Macomber (Microsoft)) #61000
[912945be89] - events: remove redundant todo (Gürgün Dayıoğlu) #60595
[22e156eb10] - events: remove eventtarget custom inspect branding (Efe) #61128
[df6fd9b03f] - fs: remove duplicate getValidatedPath calls (Mert Can Altin) #61359
[6ea3e4d850] - fs: fix errorOnExist behavior for directory copy in fs.cp (Nicholas Paun) #60946
[dd918b9980] - fs: fix ENOTDIR in globSync when file is treated as dir (sangwook) #61259
[4908e67ba0] - fs: remove duplicate fd validation in sync functions (Mert Can Altin) #61361
[4a27bce3d9] - fs: detect dot files when using globstar (Robin van Wijngaarden) #61012
[b0186ff65c] - fs: validate statfs path (Efe) #61230
[6689775023] - gyp: aix: change gcc version detection so CXX="ccache g++" works (Stewart X Addison) #61464
[5c4f4db663] - http: fix rawHeaders exceeding maxHeadersCount limit (Max Harari) #61285
[7599e2eccd] - http: replace startsWith with strict equality (btea) #59394
[99a85213bf] - http: lazy allocate cookies array (Robert Nagy) #59734
[7669e6a5ad] - http: fix http client leaky with double response (theanarkh) #60062
[f074c126a8] - http,https: fix double ERR_PROXY_TUNNEL emission (Shima Ryuhei) #60699
[d8ac368363] - http2: add diagnostics channels for client stream request body (Darshan Sen) #60480
[e26a7e464d] - http2: rename variable to additionalPseudoHeaders (Tobias Nießen) #60208
[5df634f46e] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #61402
[2ccc9a6205] - http2: do not crash on mismatched ping buffer length (René) #60135
[3e68a5f78a] - inspector: inspect HTTP response body (Chengzhong Wu) #60572
[a86ffa9a5d] - inspector: add network payload buffer size limits (Chengzhong Wu) #60236
[ea60ef5d74] - lib: fix typo in util.js comment (Taejin Kim) #61365
[9d8d9322a4] - lib: fix TypeScript support check in jitless mode (sangwook) #61382
[fc26f5c78f] - lib: gbk decoder is gb18030 decoder per spec (Сковорода Никита Андреевич) #61099
[3b87030012] - lib: enforce use of URLParse (Antoine du Hamel) #61016
[2a7479d4fc] - lib: use FastBuffer for empty buffer allocation (Gürgün Dayıoğlu) #60558
[7cf4c43582] - lib: fix constructor in _errnoException stack tree (SeokHun) #60156
[f9d87fbfaa] - lib: fix typo in QuicSessionStats (SeokHun) #60155
[8d26ccc652] - lib: remove redundant destroyHook checks (Gürgün Dayıoğlu) #60120
[705832a1be] - lib,src: isInsideNodeModules should test on the first non-internal frame (Chengzhong Wu) #60991
[6f39ad190b] - meta: do not fast-track npm updates (Antoine du Hamel) #61475
[a6a0ff9486] - meta: fix typos in issue template config (Daijiro Wachi) #61399
[ec88c9b378] - meta: label v8 module PRs (René) #61325
[83143835de] - meta: bump step-security/harden-runner from 2.13.2 to 2.14.0 (dependabot[bot]) #61245
[0802dc663a] - meta: bump actions/setup-node from 6.0.0 to 6.1.0 (dependabot[bot]) #61244
[587db55796] - meta: bump actions/cache from 4.3.0 to 5.0.1 (dependabot[bot]) #61243
[262c9d37a6] - meta: bump github/codeql-action from 4.31.6 to 4.31.9 (dependabot[bot]) #61241
[d9763b5afd] - meta: bump codecov/codecov-action from 5.5.1 to 5.5.2 (dependabot[bot]) #61240
[0af73d1811] - meta: bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 (dependabot[bot]) #61237
[8be6afd239] - meta: move lukekarrys to emeritus (Node.js GitHub Bot) #60985
[c497de5c74] - meta: bump actions/setup-python from 6.0.0 to 6.1.0 (dependabot[bot]) #60927
[774920f169] - meta: bump github/codeql-action from 4.31.3 to 4.31.6 (dependabot[bot]) #60926
[ef3b1e5991] - meta: bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (dependabot[bot]) #60924
[3ed667379f] - meta: bump github/codeql-action from 4.31.2 to 4.31.3 (dependabot[bot]) #60770
[7c0cefb126] - meta: bump step-security/harden-runner from 2.13.1 to 2.13.2 (dependabot[bot]) #60769
[5c6a076e5d] - meta: add Renegade334 to collaborators (Renegade334) #60714
[4f4dda2a18] - meta: bump actions/download-artifact from 5.0.0 to 6.0.0 (dependabot[bot]) #60532
[c436f8d57c] - meta: bump actions/upload-artifact from 4.6.2 to 5.0.0 (dependabot[bot]) #60531
[402d9f87a6] - meta: bump github/codeql-action from 3.30.5 to 4.31.2 (dependabot[bot]) #60533
[61be78e326] - meta: bump actions/setup-node from 5.0.0 to 6.0.0 (dependabot[bot]) #60529
[7e4164a623] - meta: bump actions/stale from 10.0.0 to 10.1.0 (dependabot[bot]) #60528
[1bf6e1d010] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #60325
[c66fc0e9cf] - meta: loop userland-migrations in deprecations (Chengzhong Wu) #60299
[e4be0791e7] - meta: call create-release-post.yml post release (Aviv Keller) #60366
[8674f6527f] - module: preserve URL in the parent created by createRequire() (Joyee Cheung) #60974
[41db87a975] - msi: fix WiX warnings (Stefan Stojanovic) #60251
[884f313f40] - node-api: use Node-API in comments (Vladimir Morozov) #61320
[375164190b] - node-api: use local files for instanceof test (Vladimir Morozov) #60190
[972a1107c0] - os: freeze signals constant (Xavier Stouder) #61038
[e992057ab7] - perf_hooks: fix stack overflow error (Antoine du Hamel) #60084
[0bb1814fdf] - repl: fix pasting after moving the cursor to the left (Ruben Bridgewater) #60470
[35a12fb996] - src: replace ranges::sort for libc++13 compatibility on armhf (Rebroad) #61789
[dbf00d4664] - src: add missing override specifier to Clean() (Tobias Nießen) #61429
[140eba35d3] - src: cache context lookup in vectored io loops (Mert Can Altin) #61387
[93e7e1708b] - src: use C++ nullptr in webstorage (Tobias Nießen) #61407
[ef868447bc] - src: fix pointer alignment (jhofstee) #61336
[a96256524c] - src: dump snapshot source with node:generate_default_snapshot_source (Joyee Cheung) #61101
[ec051b9efd] - src: add HandleScope to edge loop in heap_utils (Mert Can Altin) #60885
[41749eb5d6] - src: remove redundant CHECK (Tobias Nießen) #61130
[57c81e5af3] - src: fix off-thread cert loading in bundled cert mode (Joyee Cheung) #60764
[4b0616e024] - src: handle DER decoding errors from system certificates (Joyee Cheung) #60787
[93393371f9] - src: use static_cast instead of C-style cast (Michaël Zasso) #60868
[900445b655] - src: move Node-API version detection to where it is used (Anna Henningsen) #60512
[8353a6da2a] - src: avoid C strings in more C++ exception throws (Anna Henningsen) #60592
[27c860c51f] - src: move napi_addon_register_func to node_api_types.h (Anna Henningsen) #60512
[e0517752e7] - src: remove unconditional NAPI_EXPERIMENTAL in node.h (Chengzhong Wu) #60345
[21e2a52f8e] - src: clean up generic counter implementation (Anna Henningsen) #60447
[aed23cb8ca] - src: add enum handle for ToStringHelper + formatting (Burkov Egor) #56829
[2e93650ebc] - src: fix timing of snapshot serialize callback (Joyee Cheung) #60434
[ece4acc18f] - src: add COUNT_GENERIC_USAGE utility for tests (Joyee Cheung) #60434
[31c8e9d9ff] - src: use cached primordials_string (Sohyeon Kim) #60255
[7f0ffddc14] - src: implement Windows-1252 encoding support and update related tests (Mert Can Altin) #60893
[c2ba56d6b2] - src,permission: fix permission.has on empty param (Rafael Gonzaga) #60674
[e55a2b895a] - src,permission: add debug log on is_tree_granted (Rafael Gonzaga) #60668
[902a78b43c] - stream: fix isErrored/isWritable for WritableStreams (René) #60905
[221b77cf41] - stream: don't try to read more if reading (Robert Nagy) #60454
[46d12d826f] - test: skip strace test with shared openssl (Richard Lau) #61987
[52e6b01a44] - test: mark test-strace-openat-openssl as flaky (Antoine du Hamel) #61921
[4d7468d0e0] - test: skip --build-sea tests on platforms where SEA is flaky (Joyee Cheung) #61504
[f604b7ae67] - test: fix flaky debugger test (Ryuhei Shima) #58324
[fc2dc4024b] - test: ensure removeListener event fires for once() listeners (sangwook) #60137
[5fba382816] - test: delay writing the files only on macOS (Luigi Pinca) #61532
[85cc9e20e4] - test: asserts that import.meta.resolve invokes sync loader hooks (Chengzhong Wu) #61158
[13831685ca] - test: check util.parseArgs argv parsing with actual process execution (René) #61089
[ec4b722cb8] - test: remove unneccessary repl magic_mode tests (Dario Piotrowicz) #61053
[5c811106bc] - test: skip sea tests on riscv64 (Stewart X Addison) #61111
[4e4a631c07] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #60995
[9af0787043] - test: update test426 fixtures (Rich Trott) #60982
[277f16d247] - test: skip SEA inspect test if inspector is not available (Livia Medeiros) #60872
[7dfa8c96bf] - test: use assert.match for non-literal regexp tests (René) #60879
[41e6cd8ce5] - test: fix embedtest in debug windows (Vladimir Morozov) #60806
[f65147b226] - test: fix debug test crashes caused by sea tests (Vladimir Morozov) #60807
[a93dff9e92] - test: replace deprecated regex test assertions in http trailers test (Aditya Chopra) #60831
[f90d5b954f] - test: prefer major GC in cppgc-object teardown (sangwook) #60672
[e1645cc78d] - test: skip test that cause timeout on IBM i (SRAVANI GUNDEPALLI) #60700
[4f23eba22f] - test: limit the concurrency of WPTRunner for RISC-V (Levi Zim) #60591
[c2bef6522b] - test: fix test-strace-openat-openssl for RISC-V (Levi Zim) #60588
[4c03a7f864] - test: fix status when compiled without inspector (Antoine du Hamel) #60289
[2ef146a074] - test: apply a delay to watch-mode-kill-signal tests (Joyee Cheung) #60610
[dc3000c504] - test: async iife in repl (Tony Gorez) #44878
[5e06e84db1] - test: parallelize sea tests when there's enough disk space (Joyee Cheung) #60604
[940d2752bc] - test: only show overridden env in child process failures (Joyee Cheung) #60556
[558a5743c6] - test: add more logs to test-esm-loader-hooks-inspect-wait (Joyee Cheung) #60466
[10fac8de45] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #60565
[8bc84046be] - test: correct conditional secure heap flags test (Shelley Vohr) #60385
[ccc805f184] - test: fix flaky test-watch-mode-kill-signal-* (Joyee Cheung) #60443
[1b8274453d] - test: capture stack trace in debugger timeout errors (Joyee Cheung) #60457
[9fcf889279] - test: ensure assertions are reachable in test/async-hooks (Antoine du Hamel) #60150
[7f5230333e] - test: increase debugger waitFor timeout on macOS (Chengzhong Wu) #60367
[0e5ea3b795] - test: fix small compile warning in test_network_requests_buffer.cc (xiaocainiao633) #60281
[012780c7e8] - test: split test-runner-watch-mode-kill-signal (Joyee Cheung) #60298
[b53d35a8f8] - test: fix incorrect calculation in test-perf-hooks.js (Joyee Cheung) #60271
[b8ef464c08] - test: skip sea tests on x64 macOS (Joyee Cheung) #60250
[a3c4d905da] - test: move sea tests into test/sea (Joyee Cheung) #60250
[80bec9fd07] - test: skip tests that cause timeouts on IBM i (SRAVANI GUNDEPALLI) #60148
[1d05b44c7c] - test: deflake test-fs-promises-watch-iterator (Luigi Pinca) #60060
[8958096840] - test: deflake test-repl-paste-big-data (Livia Medeiros) #60975
[e261a59ca4] - test: add new startNewREPLSever testing utility (Dario Piotrowicz) #59964
[d4a2d8aa8a] - test: skip failing tests when compiled without amaro (Yuki Okita) #60815
[0e407a88bb] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #60419
[a253b7b6dc] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #61903
[8862c41494] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #61899
[7d11a22802] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61759
[d0e7d6cb89] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61734
[cf5ddd1811] - tools: use ubuntu-latest runner in notify-on-push workflow (Antoine du Hamel) #61742
[18bcf8e260] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #61663
[db76733b55] - tools: update gyp-next to 0.21.1 (Node.js GitHub Bot) #61528
[1dd9d8a3b2] - tools: fix vcbuild lint-js-build (Vladimir Morozov) #61318
[ec67f8f9b5] - tools: only report commit validation failure on Slack (Antoine du Hamel) #61124
[8e385c8c66] - tools: use sparse-checkout in linter jobs (Antoine du Hamel) #61123
[aed2e9c8eb] - tools: simplify notify-on-push (Antoine du Hamel) #61050
[32680feefb] - tools: fix update-nghttp2 signature verification (Richard Lau) #61035
[c5f68f41e6] - tools: improve log output of create-release-proposal (Antoine du Hamel) #61028
[32e0ae0ec7] - tools: fix vcbuild test when path contain spaces (stduhpf) #56481
[9e0858e4a2] - tools: do not run test-linux workflow for changes on vcbuild.bat (Antoine du Hamel) #60979
[fd656a79fc] - tools: disable some new cpplint rules before update (Michaël Zasso) #60901
[df4df52e67] - tools: don't fetch V8 deps in the source tree (Richard Lau) #60883
[e5c2fe8d6d] - tools: add temporal updater (Chengzhong Wu) #60828
[7f031e097e] - tools: dump config.gypi as json (Chengzhong Wu) #60794
[5e69488a5a] - tools: bump js-yaml from 4.1.0 to 4.1.1 in /tools/lint-md (dependabot[bot]) #60781
[5119c50931] - tools: bump js-yaml from 4.1.0 to 4.1.1 in /tools/doc in the doc group (dependabot[bot]) #60766
[a4b073123d] - tools: remove unsupported cooldown from Dependabot config (Antoine du Hamel) #60747
[a3df6b87bb] - tools: update sccache to v0.12.0 (Michaël Zasso) #60723
[2efbd54a4a] - tools: update gyp-next to 0.21.0 (Node.js GitHub Bot) #60645
[bb7876e4f9] - tools: replace invalid expression in dependabot config (Riddhi) #60649
[e444e44d6a] - tools: skip unaffected GHA jobs for changes in test/internet (Antoine du Hamel) #60517
[a6a0ec107c] - tools: do not use short hashes for deps versioning to avoid collision (Antoine du Hamel) #60407
[c6e2eed65f] - tools: fix update-icu script (Michaël Zasso) #60521
[76fb3d123b] - tools: fix linter for semver-major release proposals (Antoine du Hamel) #60481
[f02889e24e] - tools: fix failing release-proposal linter for LTS transitions (Antoine du Hamel) #60465
[8203df4432] - tools: remove undici from daily wpt.fyi job (Filip Skokan) #60444
[a58242b666] - tools: add lint rule to ensure assertions are reached (Antoine du Hamel) #60125
[58e3ef398f] - tools: update gyp-next to 0.20.5 (Node.js GitHub Bot) #60313
[996494482a] - tools: optimize wildcard execution in tools/test.py (Joyee Cheung) #60266
[cf84756d0d] - tools: use cooldown property correctly (Rafael Gonzaga) #60134
[5469cb2651] - tools: validate release commit diff as part of lint-release-proposal (Antoine du Hamel) #61440
[1b9eab4a1c] - tools,doc: fix format-md files list (Stefan Stojanovic) #61147
[b20d9c2ce7] - tools,doc: update JavaScript primitive types to match MDN Web Docs (JustApple) #60581
[31760b1beb] - typings: add typing for string_decoder (Taejin Kim) #61368
[d6b908917c] - typings: add missing properties and method in Worker (Woohyun Sung) #60257
[1e8b6d5686] - typings: add missing properties in HTTPParser (Woohyun Sung) #60257
[27ae9b4a26] - typings: delete undefined property in ConfigBinding (Woohyun Sung) #60257
[f43c6434e2] - typings: add buffer internalBinding typing (방진혁) #60163
[e7f954f63a] - url: add fast path to getPathFromURL decoder (Gürgün Dayıoğlu) #60749
[c149b64473] - url: remove array.reduce usage (Gürgün Dayıoğlu) #60748
[0bd291bff1] - util: optimize toASCIILower function using V8s native toLowerCase (Mert Can Altin) #61107
[bbc54b3c96] - util: limit inspect to only show own properties (Ruben Bridgewater) #61032
[78e5fa23c4] - util: fix parseArgs skipping positional arg with --eval and --print (azadgupta1) #60814
[f75ec19105] - util: assert getCallSites does not invoke Error.prepareStackTrace (Chengzhong Wu) #60922
[d77da9306c] - util: fix stylize of special properties in inspect (Ge Gao) #60479
[3a4edc8f6d] - util: use more defensive code when inspecting error objects (Antoine du Hamel) #60139
[25c33af752] - util: mark special properties when inspecting them (Ruben Bridgewater) #60131
[3f98b46716] - vm: make vm.Module.evaluate() conditionally synchronous (Joyee Cheung) #60205
[f64a691493] - win: upgrade Visual Studio workload from 2019 to 2022 (Jiawen Geng) #60318
[8e04327954] - worker: update code examples for node:worker_threads module (fisker Cheung) #58264
[c4440dcc60] - worker: remove not implemented declarations (Artur Gawlik) #60655
[df4cc62954] - zlib: validate write_result array length (Ryuhei Shima) #61342

28 days ago

node

nodejs

2026-03-05, Version 20.20.1 'Iron' (LTS), @marco-ippolito

Notable Changes

[91a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983
[f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #61419
[80feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741

Commits

[6f580d5399] - assert: fix deepEqual always return true on URL (Xuguang Mei) #50853
[91a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983
[cc4f7af6f3] - build: skip sscache action on non-main branches (Joyee Cheung) #61790
[f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #61419
[80feacaddb] - crypto: update root certificates to NSS 3.117 (Node.js GitHub Bot) #60741
[fa88cc07e2] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #60662
[88b2eec88a] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #61830
[5c053264f1] - deps: V8: backport 6a0a25abaed3 (Vivian Wang) #61687
[4a398699d0] - deps: update googletest to 5a9c3f9e8d9b90bbbe8feb32902146cb8f7c1757 (Node.js GitHub Bot) #61731
[4fa43adf15] - deps: update googletest to 56efe3983185e3f37e43415d1afa97e3860f187f (Node.js GitHub Bot) #61605
[1a855d490c] - deps: update googletest to 85087857ad10bd407cd6ed2f52f7ea9752db621f (Node.js GitHub Bot) #61417
[d8a9359826] - deps: update icu to 78.2 (Node.js GitHub Bot) #60523
[e79cd3a0bb] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #61928
[0707ade464] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925
[dc5a3cddef] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #61827
[46043b94c7] - deps: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot) #61135
[6be15a596e] - deps: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot) #61271
[10881404cd] - deps: update timezone to 2025c (Node.js GitHub Bot) #61138
[1594a78c85] - deps: update googletest to 065127f1e4b46c5f14fc73cf8d323c221f9dc68e (Node.js GitHub Bot) #61055
[7fa2ee1933] - deps: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot) #60898
[09259532ef] - deps: update googletest to 1b96fa13f549387b7549cc89e1a785cf143a1a50 (Node.js GitHub Bot) #60739
[aa8bdb6886] - deps: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot) #60646
[cc849fde27] - deps: update googletest to 279f847 (Node.js GitHub Bot) #60219
[a99ba553a2] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #59955
[6349a79f5f] - deps: update googletest to 7e17b15 (Node.js GitHub Bot) #59131
[8ba759f1a0] - deps: update googletest to 35b75a2 (Node.js GitHub Bot) #58710
[927d906850] - deps: update googletest to e9092b1 (Node.js GitHub Bot) #58565
[bf8919f5c2] - deps: update googletest to 0bdccf4 (Node.js GitHub Bot) #57380
[ae6231dac0] - deps: update googletest to e235eb3 (Node.js GitHub Bot) #56873
[0561c62e85] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #61732
[f0ef221b0d] - deps: update minimatch to 10.1.1 (Node.js GitHub Bot) #60543
[15bd0da404] - deps: update archs files for openssl (Antoine du Hamel) #61912
[04d439323f] - deps: upgrade openssl sources to openssl-3.0.19 (Antoine du Hamel) #61912
[2ea16d3bd6] - deps: update corepack to 0.34.6 (Node.js GitHub Bot) #61510
[622f973d1c] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #60842
[2cd265d8b9] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #60643
[65e839687b] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #60550
[2dc99d2771] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #61453
[2c7b84b1d8] - doc: fix typo in http.md (Michael Solomon) #59354
[a84b42667c] - doc: fix grammar in global dispatcher usage (Eng Zer Jun) #59344
[ffd0ada45f] - doc: fix typo in test/common/README.md (Yoo) #59180
[b4d9d006e7] - doc: fix broken sentence in URL.parse (Superchupu) #59164
[45e9971d9c] - doc: fix typo in writing-test.md (SeokHun) #59123
[e9fd10b5d6] - doc: fix fetch subsections in globals.md (Antoine du Hamel) #58933
[3715dd1c2b] - doc: fix wrong RFC number in http2 (Deokjin Kim) #58753
[098c017eac] - doc: punctuation fix for Node-API versioning clarification (Jiacai Liu) #58599
[545bf434e1] - doc: fix typo of file http.md, outgoingMessage.setTimeout section (yusheng chen) #58188
[b3d6683e7b] - doc: support toolchain with Visual Studio 2019 & 2022 only (Mike McCready) #61450
[8fdde5d110] - doc: fix v20 changelog after security release (Marco Ippolito) #61371
[31d04599be] - http: fix keep-alive not timing out after post-request empty line (Shima Ryuhei) #58178
[5ec7d1eba0] - http2: validate initialWindowSize per HTTP/2 spec (Matteo Collina) #61402
[5c091d5a96] - meta: persist sccache daemon until end of build workflows (René) #61639
[183353aba0] - path,win: fix bug in resolve and normalize (Hüseyin Açacak) #55623
[dbe9e5091b] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #61948
[4106bfc775] - test: mark stringbytes-external-max flaky on AIX (Stewart X Addison) #60995
[de51937306] - test: mark stringbytes-external-exceed-max tests as flaky on AIX (Joyee Cheung) #60565
[368b221be3] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #61629
[e134912a33] - test: fix flaky test-worker-message-port-transfer-filehandle test (Alex Yang) #59158
[5630170d3e] - test: account for truthy signal in flaky async_hooks tests (Darshan Sen) #58478
[1e5363bb63] - test: mark test-http2-debug as flaky on LinuxONE (Richard Lau) #58494
[662998787a] - test: set test-fs-cp as flaky (Stefan Stojanovic) #56799
[0807127339] - test: mark test-esm-loader-hooks-inspect-wait flaky (Richard Lau) #56803
[6320cd0721] - test: skip strace test with shared openssl (Richard Lau) #61987
[83b9f8ee02] - tools: make nodedownload module compatible with Python 3.14 (Lumír 'Frenzy' Balhar) #58752
[6cf9b5786e] - tools: enforce removal of lts-watch-* labels on release proposals (Antoine du Hamel) #61672
[cd4161499c] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #61663
[6dc2a99a0d] - tools: validate release commit diff as part of lint-release-proposal (Antoine du Hamel) #61440
[5014f22332] - tools: add read permission to workflows that read contents (Antoine du Hamel) #58255
[6c3ad2a5a3] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #61903
[1abada9c34] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #61899
[f260e40127] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61759
[64beca5e01] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61734

2026-03-03 23:39:25

node

nodejs

2026-03-03, Version 25.8.0 (Current), @richardlau

Notable Changes

[e55eddea2a] - build, doc: use new api doc tooling (flakey5) #57343
[4c181e2277] - (SEMVER-MINOR) sqlite: add limits property to DatabaseSync (Mert Can Altin) #61298
[46ee1eddd7] - (SEMVER-MINOR) src: add C++ support for diagnostics channels (RafaelGSS) #61869
[9ddd1a9c27] - (SEMVER-MINOR) src,permission: add --permission-audit (RafaelGSS) #61869
[0d97ec4044] - (SEMVER-MINOR) test_runner: expose worker ID for concurrent test execution (Ali Hassan) #61394

Commits

[940b58c8c1] - buffer: optimize buffer.concat performance (Mert Can Altin) #61721
[0589b0e5a1] - build: fix GN for new merve dep (Shelley Vohr) #61984
[f3d3968dcd] - Revert "build: add temporal test on GHA windows" (Antoine du Hamel) #61810
[e55eddea2a] - build, doc: use new api doc tooling (flakey5) #57343
[b7715292f8] - child_process: add tracing channel for spawn (Marco) #61836
[a32a598748] - crypto: fix missing nullptr check on RSA_new() (ndossche) #61888
[dc384f95b3] - crypto: fix handling of null BUF_MEM* in ToV8Value() (Nora Dossche) #61885
[3337b095db] - crypto: fix potential null pointer dereference when BIO_meth_new() fails (Nora Dossche) #61788
[51ded81139] - deps: update undici to 7.22.0 (Node.js GitHub Bot) #62035
[8aa2fde931] - deps: update minimatch to 10.2.4 (Node.js GitHub Bot) #62016
[57dc092eaf] - deps: upgrade npm to 11.11.0 (npm team) #61994
[705bbd60a9] - deps: update simdjson to 4.3.1 (Node.js GitHub Bot) #61930
[4d411d72e5] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #61928
[f53a32ab84] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925
[9b483fbb27] - deps: update minimatch to 10.2.2 (Node.js GitHub Bot) #61830
[4e54c103cb] - doc: separate in-types and out-types in SQLite conversion docs (René) #62034
[ca78ebbeaa] - doc: fix small logic error in DETECT_MODULE_SYNTAX (René) #62025
[e6b131f3fe] - doc: fix module.stripTypeScriptTypes indentation (René) #61992
[7508540e19] - doc: update DEP0040 (punycode) to application type deprecation (Mike McCready) #61916
[33a364cb62] - doc: explicitly mention Slack handle (Rafael Gonzaga) #61986
[46a61922bd] - doc: support toolchain Visual Studio 2022 & 2026 + Windows 11 SDK (Mike McCready) #61864
[dc12a257aa] - doc: rename invalid function parameter (René) #61942
[dafdc0a5b8] - http: validate headers in writeEarlyHints (Richard Clarke) #61897
[3c94b56fa6] - inspector: unwrap internal/debugger/inspect imports (René) #61974
[8a24c17648] - lib: improve argument handling in Blob constructor (Ms2ger) #61980
[21d4baf256] - meta: bump github/codeql-action from 4.32.0 to 4.32.4 (dependabot[bot]) #61911
[59a726a8e3] - meta: bump step-security/harden-runner from 2.14.1 to 2.14.2 (dependabot[bot]) #61909
[0072b7f991] - meta: bump actions/stale from 10.1.1 to 10.2.0 (dependabot[bot]) #61908
[999bf22f47] - repl: keep reference count for process.on('newListener') (Anna Henningsen) #61895
[4c181e2277] - (SEMVER-MINOR) sqlite: add limits property to DatabaseSync (Mert Can Altin) #61298
[aee2a18257] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #61948
[46ee1eddd7] - (SEMVER-MINOR) src: add C++ support for diagnostics channels (RafaelGSS) #61869
[9ddd1a9c27] - (SEMVER-MINOR) src,permission: add --permission-audit (RafaelGSS) #61869
[ea2df2a16f] - stream: fix pipeTo to defer writes per WHATWG spec (Matteo Collina) #61800
[aa0c7b09e0] - test: remove unnecessary process.exit calls from test files (Antoine du Hamel) #62020
[ad96a6578f] - test: skip test-url on --shared-ada builds (Antoine du Hamel) #62019
[7c72a31e4b] - test: skip strace test with shared openssl (Richard Lau) #61987
[604456c163] - test: avoid flaky debugger restart waits (Yuya Inoue) #61773
[4890d6bd43] - test_runner: run afterEach on runtime skip (Igor Shevelenkov) #61525
[fce2930110] - test_runner: expose expectFailure message (sangwook) #61563
[0d97ec4044] - (SEMVER-MINOR) test_runner: expose worker ID for concurrent test execution (Ali Hassan) #61394
[243e6b2009] - test_runner: replace native methods with primordials (Ayoub Mabrouk) #61219
[bf1ed7e647] - tls: forward keepAlive, keepAliveInitialDelay, noDelay to socket (Sergey Zelenov) #62004
[0f15079d94] - tools: remove custom logic for skipping test-strace-openat-openssl (Antoine du Hamel) #62038
[54a055a59d] - tools: bump minimatch from 3.1.2 to 3.1.3 in /tools/clang-format (dependabot[bot]) #61977
[a28744cb62] - tools: fix permissions for merve update script (Richard Lau) #62023
[31e7936354] - tools: revert tools GHA workflow to ubuntu-latest (Richard Lau) #62024
[0a96a16e1f] - tools: bump minimatch from 3.1.2 to 3.1.3 in /tools/eslint (dependabot[bot]) #61976
[f279233412] - tools: roll back to x86 runner on scorecard.yml (Antoine du Hamel) #61944
[192c0382f4] - util: add fast path to stripVTControlCharacters (Hiroki Osame) #61833

2026-02-24 23:15:42

node

nodejs

2026-02-24, Version 25.7.0 (Current), @ruyadorno prepared by @aduh95

Notable Changes

[b0a79b10f0] - (SEMVER-MINOR) http2: add http1Options for HTTP/1 fallback configuration (Amol Yadav) #61713
[2d874dfb8e] - (SEMVER-MINOR) sea: support ESM entry point in SEA (Joyee Cheung) #61813
[ee59127664] - sqlite: mark as release candidate (Matteo Collina) #61262
[608736e19e] - (SEMVER-MINOR) stream: rename Duplex.toWeb() type option to readableType (René) #61632
[a43375999f] - (SEMVER-MINOR) test_runner: show interrupted test on SIGINT (Matteo Collina) #61676

Commits

[ab4375e141] - benchmark: add startup benchmark for ESM entrypoint (Joyee Cheung) #61769
[8d83d8026b] - build: add temporal test on GHA windows (Chengzhong Wu) #61810
[aab153eec3] - build: skip sscache action on non-main branches (Joyee Cheung) #61790
[9e40fb93bc] - build: use path-ignore in GHA coverage-windows.yml (Chengzhong Wu) #61811
[4896653361] - build: generate_config_gypi.py generates valid JSON (Shelley Vohr) #61791
[bb82b44de0] - build: build with v8 gdbjit support on supported platform (Joyee Cheung) #61010
[e7173a093a] - build: show cc outputs when version detection failed (Chengzhong Wu) #61700
[848050d38f] - build,win: add WinGet Visual Studio 2022 Build Tools Edition config (Mike McCready) #61652
[938841e1cd] - crypto: always return certificate serial numbers as uppercase (Anna Henningsen) #61752
[dba9001d6f] - deps: upgrade npm to 11.10.1 (npm team) #61892
[75c8e18d2f] - deps: update nbytes to 0.1.3 (Node.js GitHub Bot) #61879
[4ca1597f25] - deps: remove stale OpenSSL arch configs (René) #61834
[c4f298c729] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #61827
[7d63a2df93] - deps: V8: cherry-pick 64b36b441179 (Rafael Magrin) #61712
[241a6b7088] - deps: update googletest to 5a9c3f9e8d9b90bbbe8feb32902146cb8f7c1757 (Node.js GitHub Bot) #61731
[eec896c0e0] - deps: V8: backport 6a0a25abaed3 (Vivian Wang) #61666
[5a9874af09] - doc: clarify status of feature request issues (Antoine du Hamel) #61505
[0648ac64aa] - doc: add esm and cjs examples to node:vm (Alfredo González) #61498
[8b38718294] - doc: clarify build environment is trusted in threat model (Matteo Collina) #61865
[10e86818ee] - doc: remove incorrect mention of module in typescript.md (Rob Palmer) #61839
[b50376f527] - doc: simplify addAbortListener example (Chemi Atlow) #61842
[dea0e7a856] - doc: fix typo in --disable-wasm-trap-handler description (Dmytro Semchuk) #61820
[57ac1f5aa0] - doc: clean up globals.md (René) #61822
[4c30d2bb4d] - doc: remove obsolete Boxstarter automated install (Mike McCready) #61785
[db610b9e32] - doc: clarify async caveats for events.once() (René) #61572
[b4a826b11c] - doc: update Juan's security steward info (Juan José) #61754
[7d9cc5dc54] - doc: fix methods being documented as properties in process.md (Antoine du Hamel) #61765
[aa0362c26a] - doc: add riscv64 info into platform list (Lu Yahan) #42251
[9b0101b65b] - doc: fix dropdown menu being obscured at <600px due to stacking context (Jeff) #61735
[df2c65b3e4] - doc: fix spacing in process message event (Aviv Keller) #61756
[01018559f5] - doc: move describe/it aliases section before expectFailure (Luca Raveri) #61567
[49443583af] - doc: fix broken links of net.md (YuSheng Chen) #61673
[af7c927a2a] - doc: clean up Windows code snippet in child_process.md (reillylm) #61422
[221648a687] - esm: update outdated FIXME comment in translators.js (Karan Mangtani) #61715
[4484e14a31] - events: don't call resume after close (Сковорода Никита Андреевич) #60548
[4cecbe1f53] - fs: add throwIfNoEntry option for fs.stat and fs.promises.stat (Juan José) #61178
[2c94967684] - http: remove redundant keepAliveTimeoutBuffer assignment (Efe) #61743
[435f3dd8e4] - http: attach error handler to socket synchronously in onSocket (RajeshKumar11) #61770
[ce0ebd853d] - http: fix keep-alive socket reuse race in requestOnFinish (Martin Slota) #61710
[8103a78b6a] - http2: add strictSingleValueFields option to relax header validation (Tim Perry) #59917
[b0a79b10f0] - (SEMVER-MINOR) http2: add http1Options for HTTP/1 fallback configuration (Amol Yadav) #61713
[c589b6b23c] - http2: fix FileHandle leak in respondWithFile (sangwook) #61707
[df477202ae] - lib: reduce cycles in esm loader and load it in snapshot (Joyee Cheung) #61769
[deda50a819] - lib: remove top-level getOptionValue() calls in lib/internal/modules (Joyee Cheung) #61769
[b1c1ddff79] - lib: optimize styleText when validateStream is false (Rafael Gonzaga) #61792
[df334f7fa0] - meta: use SCCACHE_GHA_ENABLED for shared build workflows (René) #61640
[e1b2cd605f] - meta: bump cachix/install-nix-action from 31.9.0 to 31.9.1 (dependabot[bot]) #61910
[24b858547a] - module: fix extensionless entry with explicit type=commonjs (Yuya Inoue) #61600
[4f2f8006bd] - repl: fix FileHandle leak in history initialization (sangwook) #61706
[2d874dfb8e] - (SEMVER-MINOR) sea: support ESM entry point in SEA (Joyee Cheung) #61813
[ee59127664] - sqlite: mark as release candidate (Matteo Collina) #61262
[f14ff14473] - src: remove unnecessary c_str() conversions in diagnostic messages (Anna Henningsen) #61786
[26a09e541d] - src: use bool literals in TraceEnvVarOptions (Tobias Nießen) #61425
[62b0758c47] - src: fix --build-sea default executable path (Alex Schwartz) #61708
[b5724921b1] - src: track allocations made by zstd streams (Anna Henningsen) #61717
[3d1d1523a5] - src: do not store compression methods on Brotli classes (Anna Henningsen) #61717
[b2915cda77] - src: extract zlib allocation tracking into its own class (Anna Henningsen) #61717
[3032a7e3c6] - src: release memory for zstd contexts in Close() (Anna Henningsen) #61717
[bc2287db74] - src: add more checks and clarify docs for external references (Joyee Cheung) #61719
[5daf282e33] - src: fix cjs_lexer external reference registration (Joyee Cheung) #61718
[fb2db5f947] - src: support import() and import.meta in embedder-run modules (Joyee Cheung) #61654
[e146591002] - stream: fix decoded fromList chunk boundary check (Thomas Watson) #61884
[065200a5f0] - stream: add fast paths for webstreams read and pipeTo (Matteo Collina) #61807
[608736e19e] - (SEMVER-MINOR) stream: rename Duplex.toWeb() type option to readableType (René) #61632
[51587d684d] - test: fix typos in test files (Daijiro Wachi) #61408
[17b2361360] - test: allow filtering async internal frames in assertSnapshot (Joyee Cheung) #61769
[3f6a5f5f7f] - test: unify assertSnapshot stacktrace transform (Chengzhong Wu) #61665
[c8dac320de] - test: check stability block position in API markdown (René) #58590
[6809ef8d04] - test: adapt buffer test for v8 sandbox (Shelley Vohr) #61772
[60f5771a74] - test: update FileAPI tests from WPT (Ms2ger) #61750
[d2fef4a31a] - test: update WPT for WebCryptoAPI to 7cbe7e8ed9 (Node.js GitHub Bot) #61729
[d7a87f14da] - test: update WPT for url to efb889eb4c (Node.js GitHub Bot) #61728
[b6ae1fc4b8] - test: split test-embedding.js and run tests in parallel (Joyee Cheung) #61571
[a43375999f] - (SEMVER-MINOR) test_runner: show interrupted test on SIGINT (Matteo Collina) #61676
[1c02aa09b0] - test_runner: fix suite rerun (Moshe Atlow) #61775
[47821ec609] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #61903
[1630a56370] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #61899
[89318b0a02] - tools: fix auto-start-ci (Antoine du Hamel) #61900
[ee107f5e84] - tools: do not checkout repo in auto-start-ci.yml (Antoine du Hamel) #61874
[c2de1fa619] - tools: cache V8 build on test-shared workflow (Antoine du Hamel) #61860
[111c77ec94] - tools: automate updates for test/fixtures/test426 (Rich Trott) #60978
[ea8886f7d5] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61759
[9db82ba786] - tools: bump unist-util-visit in /tools/doc in the doc group (dependabot[bot]) #61646
[c8e58c56b9] - tools: bump the eslint group in /tools/eslint with 6 updates (dependabot[bot]) #61628
[2518ec77e8] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61734
[c5ad2beba3] - tools: fix small inconsistencies in JSON doc output (Antoine du Hamel) #61757
[a9f90bee0a] - tools: use ubuntu-latest runner in notify-on-push workflow (Antoine du Hamel) #61742
[30e38182d9] - watch: get flags from execArgv (Efe) #61779
[da1a08a3a5] - worker: eliminate race condition in process.cwd() (giulioAZ) #61664
[dfac82a235] - zlib: add support for brotli compression dictionary (Andy Weiss) #61763

2026-02-24 23:14:09

node

nodejs

2026-02-24, Version 24.14.0 'Krypton' (LTS), @ruyadorno prepared by @aduh95

Notable Changes

[8b6d31d379] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #61415
[68da144b4e] - build,deps: replace cjs-module-lexer with merve (Yagiz Nizipli) #61456
[f3a24c76e4] - (SEMVER-MINOR) deps: add LIEF as a dependency (Joyee Cheung) #61167
[1948861d23] - (SEMVER-MINOR) events: repurpose events.listenerCount() to accept EventTargets (René) #60214
[d6f7c8d06f] - (SEMVER-MINOR) fs: add ignore option to fs.watch (Matteo Collina) #61433
[cb54b3ca6e] - (SEMVER-MINOR) http: add http.setGlobalProxyFromEnv() (Joyee Cheung) #60953
[35b1759d06] - (SEMVER-MINOR) module: allow subpath imports that start with #/ (Jan Martin) #60864
[2d72ea66f2] - (SEMVER-MINOR) process: preserve AsyncLocalStorage in queueMicrotask only when needed (Gürgün Dayıoğlu) #60913
[6f4a4f6c8e] - (SEMVER-MINOR) sea: split sea binary manipulation code (Joyee Cheung) #61167
[c0ceb9b065] - (SEMVER-MINOR) sqlite: enable defensive mode by default (Bart Louwers) #61266
[33d8e8303b] - (SEMVER-MINOR) sqlite: add sqlite prepare options args (Guilherme Araújo) #61311
[563ab699eb] - (SEMVER-MINOR) src: add initial support for ESM in embedder API (Joyee Cheung) #61548
[4c80031000] - (SEMVER-MINOR) stream: add bytes() method to node:stream/consumers (wantaek) #60426
[f5233df4ff] - (SEMVER-MINOR) stream: do not pass readable.compose() output via Readable.from() (René) #60907
[345a40fda3] - (SEMVER-MINOR) test: use fixture directories for sea tests (Joyee Cheung) #61167
[972f82411d] - (SEMVER-MINOR) test_runner: add env option to run function (Ethan Arrowood) #61367
[d77f98c4b6] - (SEMVER-MINOR) test_runner: support expecting a test-case to fail (Jacob Smith) #60669
[8e900af6ba] - (SEMVER-MINOR) util: add convertProcessSignalToExitCode utility (Erick Wendel) #60963

Commits

[180778fb9a] - assert: fix loose deepEqual arrays with undefined and null failing (Ruben Bridgewater) #61587
[8b6d31d379] - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung) #61415
[83bcd38d35] - benchmark: add streaming TextDecoder benchmark (Сковорода Никита Андреевич) #61549
[4c105844c5] - build: add support for Visual Studio 2026 (Michaël Zasso) #60727
[1f84fd91d9] - build: skip sscache action on non-main branches (Joyee Cheung) #61790
[30601b680f] - build: add --shared-nbytes configure flag (Antoine du Hamel) #61341
[c6253eda49] - build: add --shared-hdr-histogram configure flag (Antoine du Hamel) #61280
[584c189037] - build: add --shared-gtest configure flag (Antoine du Hamel) #61279
[5998987881] - build: aix: deoptimize implementation-visitor.cc with --shared (Stewart X Addison) #61550
[68da144b4e] - build,deps: replace cjs-module-lexer with merve (Yagiz Nizipli) #61456
[6a4511bafb] - build,win: fix vs2022 compilation (Stefan Stojanovic) #61530
[2d6735db8a] - deps: upgrade npm to 11.9.0 (npm team) #61685
[699e2f8f81] - deps: update amaro to 1.1.7 (Node.js GitHub Bot) #61730
[7be76316d6] - deps: update minimatch to 10.1.2 (Node.js GitHub Bot) #61732
[97e5a65013] - deps: update undici to 7.21.0 (Node.js GitHub Bot) #61683
[74e4710ee7] - deps: update googletest to 56efe3983185e3f37e43415d1afa97e3860f187f (Node.js GitHub Bot) #61605
[b5113e2a2a] - deps: update amaro to 1.1.6 (Node.js GitHub Bot) #61603
[f3a24c76e4] - (SEMVER-MINOR) deps: add LIEF as a dependency (Joyee Cheung) #61167
[c370c3dc06] - (SEMVER-MINOR) deps: add tools and scripts to pull LIEF as a dependency (Joyee Cheung) #61167
[e54975e17d] - deps: V8: cherry-pick highway@dcc0ca1cd42 (Richard Lau) #61008
[625b90b76b] - deps: update undici to 7.19.2 (Node.js GitHub Bot) #61566
[05e9a9fb5e] - deps: update undici to 7.19.1 (Node.js GitHub Bot) #61514
[3d41643e38] - deps: update undici to 7.19.0 (Node.js GitHub Bot) #61470
[17b363a66c] - dns: fix Windows SRV ECONNREFUSED by adjusting c-ares fallback detection (notvivek12) #61453
[33d0a8c22d] - doc: clarify EventEmitter error handling in threat model (Matteo Collina) #61701
[5b8e72cf85] - doc: mention default option for test runner env (Steven) #61659
[f44e67fac2] - doc: fix --inspect security warning section (Tim Perry) #61675
[a0e09c9043] - doc: document url.format(urlString) as deprecated under DEP0169 (René) #61644
[5e719248fe] - doc: deprecation add more codemod (Augustin Mauroy) #61642
[8f5a3e5df4] - doc: fix grammatical error in README.md (ayj8201) #61653
[d52b535163] - doc: correct tools README Boxstarter link (Mike McCready) #61638
[4889dc4f59] - doc: update server.dropMaxConnection link (YuSheng Chen) #61584
[8e48e72f2a] - doc: clean up writing-and-running-benchmarks.md (Hardanish Singh) #61345
[1948861d23] - (SEMVER-MINOR) events: repurpose events.listenerCount() to accept EventTargets (René) #60214
[d6f7c8d06f] - (SEMVER-MINOR) fs: add ignore option to fs.watch (Matteo Collina) #61433
[2d7e5f9581] - http: implement slab allocation for HTTP header parsing (Mert Can Altin) #61375
[cb54b3ca6e] - (SEMVER-MINOR) http: add http.setGlobalProxyFromEnv() (Joyee Cheung) #60953
[6df8be48ce] - lib: use utf8 fast path for streaming TextDecoder (Сковорода Никита Андреевич) #61549
[830fff0aca] - lib: recycle queues (Robert Nagy) #61461
[069874bdbd] - lib: use StringPrototypeStartsWith from primordials in locks (Taejin Kim) #61492
[7824c7589e] - lib: unify ICU and no-ICU TextDecoder (Сковорода Никита Андреевич) #61409
[f81430702a] - lib: prefer call() over apply() if argument list is not array (Livia Medeiros) #60796
[a723f72e1e] - lib: add support for readable byte streams to .toWeb() (Hans Klunder) #58664
[b78d814b3d] - meta: persist sccache daemon until end of build workflows (René) #61639
[40a872a4b9] - meta: bump github/codeql-action from 4.31.9 to 4.32.0 (dependabot[bot]) #61622
[0637bdb3be] - meta: bump step-security/harden-runner from 2.14.0 to 2.14.1 (dependabot[bot]) #61621
[e8d9bd9fc5] - meta: bump actions/setup-python from 6.1.0 to 6.2.0 (dependabot[bot]) #61627
[c517df2b65] - meta: bump actions/setup-node from 6.1.0 to 6.2.0 (dependabot[bot]) #61625
[9a64f2f25d] - meta: bump actions/cache from 5.0.1 to 5.0.3 (dependabot[bot]) #61624
[0e5922e95e] - meta: bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (dependabot[bot]) #61623
[5da7b51091] - meta: bump actions/stale from 10.1.0 to 10.1.1 (dependabot[bot]) #61620
[c085c8a43f] - meta: bump actions/checkout from 6.0.1 to 6.0.2 (dependabot[bot]) #61619
[ce2acf0275] - meta: bump actions/download-artifact from 6.0.0 to 7.0.0 (dependabot[bot]) #61242
[629f0eaac5] - meta: bump actions/checkout from 6.0.0 to 6.0.1 (dependabot[bot]) #61239
[cd80d369c9] - meta: bump actions/upload-artifact from 5.0.0 to 6.0.0 (dependabot[bot]) #61238
[8c75e4e1fa] - meta: bump actions/checkout from 5.0.1 to 6.0.0 (dependabot[bot]) #60925
[5a9e9f4127] - meta: bump actions/checkout from 5.0.0 to 5.0.1 (dependabot[bot]) #60767
[1519251dd1] - module: do not invoke resolve hooks twice for imported cjs (Joyee Cheung) #61529
[8d7190b3fe] - module: do not wrap module._load when tracing is not enabled (Joyee Cheung) #61479
[35b1759d06] - (SEMVER-MINOR) module: allow subpath imports that start with #/ (Jan Martin) #60864
[7a83b38921] - net: defer synchronous destroy calls in internalConnect (RajeshKumar11) #61658
[16bab79421] - process: do not truncate long strings in --print (Mohamed Akram) #61497
[2d72ea66f2] - (SEMVER-MINOR) process: preserve AsyncLocalStorage in queueMicrotask only when needed (Gürgün Dayıoğlu) #60913
[9cc1c4604f] - repl: fix getters triggering side effects during completion (Dario Piotrowicz) #61043
[93703306a1] - repl: tab completion targets <class> instead of new <class> (Đỗ Trọng Hải) #60319
[6f4a4f6c8e] - (SEMVER-MINOR) sea: split sea binary manipulation code (Joyee Cheung) #61167
[46a2dad4db] - sqlite: avoid extra copy for large text binds (Ali Hassan) #61580
[f91a377f7e] - sqlite: use DictionaryTemplate for run() result (Mert Can Altin) #61432
[0e7571ae3e] - sqlite: change approach to fix segfault SQLTagStore (Bart Louwers) #60462
[8e8f70524a] - sqlite: reserve vectors space (Guilherme Araújo) #61540
[c0ceb9b065] - (SEMVER-MINOR) sqlite: enable defensive mode by default (Bart Louwers) #61266
[33d8e8303b] - (SEMVER-MINOR) sqlite: add sqlite prepare options args (Guilherme Araújo) #61311
[f0d8f37002] - src: elide heap allocation in structured clone implementation (Anna Henningsen) #61703
[db478c4336] - src: use simdutf for one-byte string UTF-8 write in stringBytes (Mert Can Altin) #61696
[563ab699eb] - (SEMVER-MINOR) src: add initial support for ESM in embedder API (Joyee Cheung) #61548
[da13186a15] - src: throw RangeError on failed ArrayBuffer BackingStore allocation (Chengzhong Wu) #61480
[4c80031000] - (SEMVER-MINOR) stream: add bytes() method to stream/consumers (wantaek) #60426
[f5233df4ff] - (SEMVER-MINOR) stream: do not pass readable.compose() output via Readable.from() (René) #60907
[ad04a469c8] - test: restraint version replacement pattern in snapshots (Chengzhong Wu) #61748
[2d3b4a8d65] - test: print stack immediately avoiding GC interleaving (Chengzhong Wu) #61699
[38f43a6d4e] - test: fix case-insensitive path matching on Windows (Matteo Collina) #61682
[06513f5ff2] - test: fix flaky test-performance-eventloopdelay (Matteo Collina) #61629
[9d79c66c61] - test: remove duplicate wpt tests (Filip Skokan) #61617
[eac9f4f401] - test: fix race condition in watch mode tests (Matteo Collina) #61615
[ecf5947575] - test: update WPT for url to e3c46fdf55 (Node.js GitHub Bot) #61602
[356ff5fece] - test: use the skipIfNoWatch() utility function (Luigi Pinca) #61531
[4b2187aea2] - test: unify assertSnapshot common patterns (Chengzhong Wu) #61590
[8c25489d63] - test: split test-fs-watch-ignore-* (Luigi Pinca) #61494
[43b8a2b7e7] - test: add some validation for JSON doc output (Antoine du Hamel) #61413
[345a40fda3] - (SEMVER-MINOR) test: use fixture directories for sea tests (Joyee Cheung) #61167
[24cf6b8326] - test: reveal wpt evaluation errors in status files (Chengzhong Wu) #61358
[d4034dfb62] - test: forbid use of named imports for fixtures (Antoine du Hamel) #61228
[4f871ee897] - test: enforce better never-settling-promise detection (Antoine du Hamel) #60976
[8e9adedf02] - test: ensure assertions are reached on all tests (Antoine du Hamel) #60845
[273832802e] - test: ensure assertions are reached on more tests (Antoine du Hamel) #60763
[e06adcb52f] - test: ensure assertions are reached on more tests (Antoine du Hamel) #60760
[aeed0ccc02] - test: use RegExp.escape to improve test reliability (Antoine du Hamel) #60803
[74bcd0adab] - test: ensure assertions are reached on more tests (Antoine du Hamel) #60728
[407807b08e] - test: skip tests not passing without NODE_OPTIONS support (Antoine du Hamel) #60912
[a9e70cefb0] - test: ensure assertions are reached on more tests (Antoine du Hamel) #60634
[21b23cd0d0] - test_runner: fix test enqueue when test file has syntax error (Edy Silva) #61573
[6a4de694b2] - test_runner: fix passing expectFailure (Moshe Atlow) #61568
[6640de2b0f] - test_runner: differentiate todo and failure styles (Moshe Atlow) #61564
[972f82411d] - (SEMVER-MINOR) test_runner: add env option to run function (Ethan Arrowood) #61367
[d77f98c4b6] - (SEMVER-MINOR) test_runner: support expecting a test-case to fail (Jacob Smith) #60669
[f98986cbb9] - tools: switch to ARM runners on GHA jobs (Antoine du Hamel) #61903
[034589dd93] - tools: avoid building twice in coverage jobs (Antoine du Hamel) #61899
[e50e2f00bb] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61759
[f658f48ccb] - tools: use ubuntu-slim runner in GHA (Antoine du Hamel) #61734
[65c77d74ff] - tools: use ubuntu-latest runner in notify-on-push workflow (Antoine du Hamel) #61742
[605905556a] - tools: enforce removal of lts-watch-* labels on release proposals (Antoine du Hamel) #61672
[f0f98d4c03] - tools: use ubuntu-slim runner in meta GitHub Actions (Tierney Cyren) #61663
[ab63ddf354] - tools: add LIEF to license builder (Chengzhong Wu) #61523
[8a0f6192c9] - tools: enforce trailing commas in test/es-module (Antoine du Hamel) #60891
[4afbbcf39e] - tools: enforce trailing commas in test/sequential (Antoine du Hamel) #60892
[4c1abf752c] - tools,win: upgrade install additional tools to Visual Studio 2026 (Mike McCready) #61562
[8e900af6ba] - (SEMVER-MINOR) util: add convertProcessSignalToExitCode utility (Erick Wendel) #60963